CN104601414A - IP (internet protocol) address conflict detecting method and device in software defined network - Google Patents

Info

Publication number
CN104601414A
Authority
CN
China
Prior art keywords
vlan
sdn switch
collection
sdn
arp packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510079981.8A
Other languages
Chinese (zh)
Other versions
CN104601414B (en
Inventor
黄林波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201510079981.8A
Publication of CN104601414A
Application granted
Publication of CN104601414B

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the invention provides a method and device for detecting IP (Internet Protocol) address conflicts in a software defined network (SDN). The method includes: issuing a first flow entry to a first SDN switch, where the first flow entry is used to send gratuitous ARP (Address Resolution Protocol) packets received from a first endpoint (EP) device of the first SDN switch to an SDN controller; and determining the flooding VLAN (virtual local area network) set corresponding to the VLAN to which the first EP belongs and to the first SDN switch, and flooding the gratuitous ARP packet in that flooding VLAN set.

Description

IP address conflict detection method and device in a software defined network
Technical field
Embodiments of the present invention belong to the field of network communication technology, and in particular relate to an IP address conflict detection method and device in a software defined network (Software Defined Network, SDN).
Background
An IP address conflict means that IP addresses overlap within a local area network (LAN) environment. In a traditional network, IP address conflicts are generally detected by sending gratuitous Address Resolution Protocol (ARP) packets. The difference between a gratuitous ARP packet and an ordinary ARP packet is that an ordinary ARP packet carries the IP address of another endpoint device (EP), whereas a gratuitous ARP packet carries the sender's own IP address. After an EP sends a gratuitous ARP packet, if it receives an ARP response message, this indicates that the IP address already exists in the network.
However, the prior-art IP address conflict detection approach can only detect IP address conflicts between EPs in the same virtual local area network (VLAN) of a local switch. If the EPs belong to different VLANs of the local switch, IP address conflict detection cannot be performed. Moreover, even if the EPs are in the same VLAN, the prior-art approach likewise cannot perform IP address conflict detection when the EPs belong to different local switches. The prior-art IP address conflict detection approach is therefore applicable to only a narrow range of scenarios.
Summary of the invention
Embodiments of the present invention propose an IP address conflict detection method and device in an SDN, in order to extend the scenarios to which IP address conflict detection applies.
The technical solution of the embodiments of the present invention is as follows:
One aspect of the embodiments of the present invention provides an IP address conflict detection method in an SDN. The method is applied to an SDN controller and comprises:
Issuing a first flow entry to a first SDN switch, the first flow entry being used to send ARP packets received from a first EP connected to the first SDN switch to the SDN controller;
Determining the flooding VLAN set corresponding to the VLAN to which the first EP belongs and to the first SDN switch, and flooding the gratuitous ARP packet in the flooding VLAN set.
One aspect of the embodiments of the present invention proposes an IP address conflict detection device in an SDN. The device is applied to an SDN controller and comprises:
A first flow entry issuing module, configured to issue a first flow entry to a first SDN switch, the first flow entry being used to send gratuitous ARP packets received from a first EP connected to the first SDN switch to the SDN controller;
A flooding module, configured to determine the flooding VLAN set corresponding to the VLAN to which the first EP belongs and to the first SDN switch, and to flood the gratuitous ARP packet in the flooding VLAN set.
In the embodiments of the present invention, IP address conflict detection between EPs within a predetermined address conflict detection space is implemented by the SDN controller. Whether the EPs belong to different VLANs of a local switch or to different local switches, the present invention can perform IP address conflict detection. The IP address conflict detection approach of the present invention therefore has a wider scope of application.
Brief description of the drawings
Fig. 1 is a schematic diagram of prior-art IP address conflict detection in a traditional network;
Fig. 2 is a flowchart of a method for implementing IP address conflict detection on the SDN controller side according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for implementing IP address conflict detection on the gratuitous ARP packet sending side according to an embodiment of the present invention;
Fig. 4 is a flowchart of a method for implementing IP address conflict detection on the ARP reply message sending side according to an embodiment of the present invention;
Fig. 5 is an exemplary schematic diagram of implementing IP address conflict detection according to the present invention;
Fig. 6 is a structural diagram of a device for implementing IP address conflict detection on the SDN controller side according to an embodiment of the present invention;
Fig. 7 is a structural diagram of a device for implementing IP address conflict detection on the gratuitous ARP packet sending side according to an embodiment of the present invention;
Fig. 8 is a structural diagram of a device for implementing IP address conflict detection on the ARP reply message sending side according to an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of prior-art IP address conflict detection in a traditional network.
In Fig. 1, local switch 1 is connected to EP1, EP2 and EP5, and local switch 2 is connected to EP3, EP4 and EP6. EP1, EP2 and EP6 belong to VLAN1; EP3 and EP4 belong to VLAN2; EP5 belongs to VLAN3.
When an IP address is configured on EP1, EP1 sends a gratuitous ARP packet to local switch 1; this gratuitous ARP packet carries EP1's own MAC address and IP address. Local switch 1 floods the gratuitous ARP packet in VLAN1 of local switch 1. When a conflicting device (such as EP2) receives the gratuitous ARP packet, it returns an ARP reply message to EP1 through local switch 1. EP1 receives the ARP reply message and reports address conflict information in its own system.
However, the nature of ARP packets means that they cannot be IP-forwarded, so ARP conflict detection can only operate within the local VLAN. For example, although EP1 and EP5 in Fig. 1 are connected to the same local switch, they do not belong to the same VLAN, so IP address conflict detection cannot be performed between EP1 and EP5. Likewise, an IP address conflict between a local device and a remote device cannot be detected in a traditional network. For example, although EP1 and EP6 in Fig. 1 belong to the same VLAN, they are connected to different local switches, so IP address conflict detection cannot be performed between EP1 and EP6 either.
It can be seen that, in the prior art, IP address conflict detection cannot be performed between EPs in different VLANs of the same local switch, nor between EPs on different local switches.
In fact, an independent address conflict detection space may exist in an overlay network. This address conflict detection space may span local switches and/or VLANs, and the EPs in it are not allowed to have overlapping IP addresses. Embodiments of the present invention use the SDN controller to implement IP address conflict detection within this address conflict detection space.
Fig. 2 is a flowchart of a method for implementing IP address conflict detection on the SDN controller side according to an embodiment of the present invention.
As shown in Fig. 2, the method comprises:
Step 201: issuing a first flow entry to a first SDN switch, the first flow entry being used to send gratuitous ARP packets received from a first EP connected to the first SDN switch to the SDN controller.
The first flow entry ensures that every gratuitous ARP packet the first SDN switch receives from the first EP is sent up to the SDN controller. The gratuitous ARP packet that the SDN controller receives from the first EP carries the IP address of the first EP.
Step 202: determining the flooding VLAN set corresponding to the VLAN to which the first EP belongs and to the first SDN switch, and flooding the gratuitous ARP packet in the flooding VLAN set.
The SDN controller can configure one or more flooding VLAN sets, and each flooding VLAN set can contain one or more VLANs. Each flooding VLAN set has its own independent identifier, so that the sets can be distinguished from one another. The flooding VLAN set can be determined based on the VLAN to which the EP sending the gratuitous ARP packet belongs and the SDN switch to which that EP is connected.
For example, a mapping table can be established in advance on the SDN controller. The mapping table stores the correspondence between the data path identifier (DPID) of an SDN switch, the VLAN ID of a local VLAN of that SDN switch, and the flooding VLAN set of that local VLAN.
For example, for the first SDN switch, a flooding VLAN set can be established for each local VLAN of the first SDN switch, and this flooding VLAN set contains at least the local VLAN itself. For each local VLAN of the first SDN switch, the correspondence between the DPID of the first SDN switch, the VLAN ID of the local VLAN and the flooding VLAN set of the local VLAN is then stored, forming the mapping table of the first SDN switch. An SDN controller is usually connected to multiple SDN switches, and the mapping tables of the individual SDN switches can be merged into one overall mapping table. After the SDN controller receives a gratuitous ARP packet, it first queries the overall mapping table to determine the flooding VLAN set of the gratuitous ARP packet.
For example, after the SDN controller receives a gratuitous ARP packet that was forwarded by the first SDN switch and whose source is the first EP, it obtains from the gratuitous ARP packet the VLAN ID of the VLAN to which the first EP belongs and, based on the DPID of the first SDN switch and this VLAN ID, queries the mapping table to determine the flooding VLAN set of the gratuitous ARP packet. The determined flooding VLAN set includes the VLAN to which the first EP belongs.
The flooding VLAN set determined for the gratuitous ARP packet is the configured address conflict detection space, within which overlapping IP addresses are not allowed. Broadly speaking, each flooding VLAN set can be regarded as a network.
Specifically, flooding the gratuitous ARP packet in the flooding VLAN set may comprise: first determining the SDN switches that have a local VLAN belonging to the flooding VLAN set, and forming an SDN switch set from the determined SDN switches; then sending the gratuitous ARP packet to each SDN switch in the SDN switch set, so that each SDN switch floods the gratuitous ARP packet in its own local VLANs that belong to the flooding VLAN set, thereby detecting whether the address conflict detection space formed by this flooding VLAN set contains a device whose IP address conflicts with that of the first EP.
In one embodiment, when the address conflict detection space corresponding to the flooding VLAN set contains no device that conflicts with the IP address of the first EP (for example, the SDN controller does not receive an ARP reply message corresponding to the gratuitous ARP packet within a predetermined time), the SDN controller sends a no-address-conflict notification message to the first SDN switch, and the first SDN switch sends the no-address-conflict notification message to the first EP. After receiving the no-address-conflict notification message, the first EP knows that there is no address conflict.
In one embodiment, when the address conflict detection space corresponding to the flooding VLAN set contains a device that conflicts with the IP address of the first EP (for example, a second EP), the SDN controller receives from the second EP an ARP reply message corresponding to the gratuitous ARP packet and sends the ARP reply message to the first SDN switch, and the first SDN switch sends the ARP reply message to the first EP. After receiving the ARP reply message, the first EP knows that an address conflict exists and that the conflicting device is the second EP.
After the second EP, as the conflicting device, receives the gratuitous ARP packet and finds that the IP address of the first EP carried in the gratuitous ARP packet overlaps with its own IP address, the second EP sends an ARP response message to the local switch it is connected to. The local switch of the second EP sends the ARP response message to the SDN controller, the SDN controller sends it to the first SDN switch, and the first SDN switch sends it to the first EP. After receiving the ARP response message, the first EP knows that an address conflict exists and reports address conflict information in its own system.
Preferably, the first SDN switch and the second SDN switch can be implemented as Virtual eXtensible LAN (VXLAN) tunnel end point (VTEP) devices.
Fig. 3 is a flowchart of a method for implementing IP address conflict detection on the gratuitous ARP packet sending side according to an embodiment of the present invention. The method is applied to the first SDN switch.
As shown in Fig. 3, the method comprises:
Step 301: receiving a first flow entry from the SDN controller, the first flow entry being used to send gratuitous ARP packets received from a first EP connected to the first SDN switch to the SDN controller, so that the SDN controller floods the gratuitous ARP packet in the flooding VLAN set.
Step 302: receiving from the SDN controller the ARP reply message corresponding to the gratuitous ARP packet, where the ARP reply message was received by the SDN controller from a second EP.
Step 303: sending the ARP reply message to the first EP.
In one embodiment, the second EP is connected to the first SDN switch, and the method further comprises:
Receiving a second flow entry from the SDN controller, the second flow entry being used to send the ARP reply message received from the second EP to the SDN controller.
Preferably, the first SDN switch and the second SDN switch can be implemented as Virtual eXtensible LAN (VXLAN) tunnel end point (VTEP) devices.
Fig. 4 is a flowchart of a method for implementing IP address conflict detection on the ARP reply message sending side according to an embodiment of the present invention. The method is applied to the second SDN switch.
As shown in Fig. 4, the method comprises:
Step 401: receiving a first flow entry from the SDN controller, the first flow entry being used to send the ARP reply message sent by a second EP connected to the second SDN switch to the SDN controller.
Step 402: receiving a gratuitous ARP packet from the SDN controller, where the gratuitous ARP packet was sent by the first EP connected to the first SDN switch and was sent to the SDN controller by the first SDN switch.
Step 403: receiving from the second EP the ARP reply message corresponding to the gratuitous ARP packet and, according to the first flow entry, sending the ARP reply message to the SDN controller, so that the SDN controller sends the ARP reply message to the first SDN switch and the first SDN switch sends the ARP reply message to the first EP.
Preferably, the first SDN switch and the second SDN switch can be implemented as Virtual eXtensible LAN (VXLAN) tunnel end point (VTEP) devices.
The present invention is described below with reference to a concrete example. Fig. 5 is an exemplary schematic diagram of implementing IP address conflict detection according to the present invention.
In Fig. 5, VTEP1 is connected to EP1, EP2 and EP5, and VTEP2 is connected to EP3, EP4 and EP6. EP1, EP2 and EP6 belong to VLAN1; EP3 and EP4 belong to VLAN2; EP5 belongs to VLAN3.
The SDN controller issues flow entry 1 to VTEP1. Flow entry 1 is used to send all gratuitous ARP packets and ARP reply messages received by VTEP1 to the SDN controller.
The SDN controller also issues flow entry 2 to VTEP2. Flow entry 2 is used to send all gratuitous ARP packets and ARP reply messages received by VTEP2 to the SDN controller.
Specifically, flow entry 1 and flow entry 2 have a similar field structure: the match field is the ARP packet type identifier (0x0806), and the action is to send to the SDN controller, as follows:
match:ethtype=0x0806;
action:to controller;
By issuing flow entry 1 and flow entry 2, the SDN controller can ensure that all ARP packets received by VTEP1 and VTEP2 (including gratuitous ARP packets and ARP reply messages) are sent up to the SDN controller.
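As an added illustration (not code from the patent), the Python sketch below shows what a controller has to do with the frames that flow entries 1 and 2 deliver: read the VLAN ID and tell a gratuitous ARP packet from an ARP reply. It assumes the frame arrives with a single 802.1Q tag and that a gratuitous ARP is an ARP request whose sender and target IP are equal; the function names and the MAC and IP values are constructed.

```python
import struct
from ipaddress import IPv4Address

ETH_P_8021Q, ETH_P_ARP = 0x8100, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if the frame
    is not a well-formed IPv4-over-Ethernet ARP packet."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:               # single 802.1Q tag (assumption)
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18     # VLAN ID = low 12 bits of TCI
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[offset + 8:offset + 28]       # sha, spa, tha, tpa
    return {
        "vlan_id": vlan_id,
        "oper": oper,
        "sender_mac": body[0:6].hex(":"),
        "sender_ip": IPv4Address(body[6:10]),
        "target_ip": IPv4Address(body[16:20]),
    }


def classify(frame: bytes):
    """Return 'gratuitous', 'request', 'reply', or None for anything else."""
    arp = parse_arp(frame)
    if arp is None:
        return None
    if arp["oper"] == ARP_REPLY:
        return "reply"
    if arp["oper"] == ARP_REQUEST:
        same = arp["sender_ip"] == arp["target_ip"]
        return "gratuitous" if same else "request"
    return None


def build_arp(vlan_id, oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a tagged ARP frame; helper for the constructed samples below."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    dst = b"\xff" * 6 if oper == ARP_REQUEST else tha
    eth = dst + sha + struct.pack("!HHH", ETH_P_8021Q, vlan_id, ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return (eth + arp + sha + IPv4Address(sender_ip).packed
            + tha + IPv4Address(target_ip).packed)


# Constructed samples: EP1 announces 10.0.0.1 in VLAN1, EP6 defends it.
ZERO_MAC = "00:00:00:00:00:00"
GARP_EP1 = build_arp(1, ARP_REQUEST, "02:00:00:00:00:01", "10.0.0.1",
                     ZERO_MAC, "10.0.0.1")
REPLY_EP6 = build_arp(1, ARP_REPLY, "02:00:00:00:00:06", "10.0.0.1",
                      "02:00:00:00:00:01", "10.0.0.1")
ORDINARY = build_arp(1, ARP_REQUEST, "02:00:00:00:00:01", "10.0.0.1",
                     ZERO_MAC, "10.0.0.2")

if __name__ == "__main__":
    for name, frame in (("GARP_EP1", GARP_EP1), ("REPLY_EP6", REPLY_EP6),
                        ("ORDINARY", ORDINARY), ("truncated", GARP_EP1[:30])):
        print(name, classify(frame), parse_arp(frame))
```

The reply that defends an address also has equal sender and target IP, which is why the opcode is checked before the addresses.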
The SDN controller is configured with one or more flooding VLAN sets (GROUP), each of which has its own independent identifier. A flooding VLAN set can be regarded as an independent address conflict detection space, within which overlapping IP addresses are not allowed.
A flooding VLAN set is associated with the VLAN to which the EP sending the gratuitous ARP packet belongs and with the SDN controller that this EP is connected to.
For example, a mapping table can be established on the SDN controller. This mapping table contains the correspondence between the DPID of an SDN switch, the local VLAN ID of the SDN switch and the flooding VLAN set.
Table 1 shows an exemplary structure of the mapping table, where GROUP1, GROUP2, GROUP3 and GROUP4 are the identifiers of the flooding VLAN sets.
Table 1
VLAN ID    DPID     Flooding VLAN set
VLAN1      VTEP1    GROUP1
VLAN3      VTEP1    GROUP2
VLAN1      VTEP2    GROUP3
VLAN2      VTEP2    GROUP4
For example, the SDN controller receives a gratuitous ARP packet that was forwarded by VTEP1 and whose source is EP1. The SDN controller obtains from the gratuitous ARP packet the VLAN ID of the VLAN to which EP1 belongs (that is, VLAN1). The SDN controller then looks up Table 1 locally and determines that the flooding VLAN set corresponding to VLAN1 and VTEP1 is GROUP1.
As another example, the SDN controller receives a gratuitous ARP packet that was forwarded by VTEP2 and whose source is EP3. The SDN controller obtains from the gratuitous ARP packet the VLAN ID of the VLAN to which EP3 belongs (that is, VLAN2). The SDN controller then looks up Table 1 locally and determines that the flooding VLAN set corresponding to VLAN2 and VTEP2 is GROUP4.
A flooding VLAN set can contain one or more member VLANs. Preferably, the SDN controller can edit the composition of each flooding VLAN set, that is, it can add or delete member VLANs of the flooding VLAN set. A flooding VLAN set includes at least the VLAN that appears in its mapping table entry. For example, GROUP1 should include at least VLAN1; GROUP2 should include at least VLAN3; GROUP3 should include at least VLAN1; GROUP4 should include at least VLAN2.
Based on the above analysis, after the SDN controller receives a gratuitous ARP packet, it can determine the corresponding flooding VLAN set and then flood the gratuitous ARP packet in that flooding VLAN set.
The flooding process of the present invention is described in detail below, taking a gratuitous ARP packet sent by EP1 as an example.
(1) Suppose that the flooding VLAN set (GROUP1) determined for the gratuitous ARP packet sent by EP1 comprises VLAN1 and VLAN3:
When an IP address is configured on EP1, EP1 sends a gratuitous ARP packet to VTEP1; this gratuitous ARP packet carries EP1's own MAC address and IP address. Based on flow entry 1, VTEP1 sends the gratuitous ARP packet to the SDN controller.
The flooding VLAN set (GROUP1) determined by the SDN controller comprises VLAN1 and VLAN3. The SDN controller then determines the VTEP set corresponding to this flooding VLAN set, that is, the VTEP devices whose local VLANs include VLAN1 or VLAN3. EP6, which belongs to VLAN1, is connected to VTEP2, so VLAN1 is a local VLAN of VTEP2 and VTEP2 belongs to the VTEP set. EP5, which belongs to VLAN3, is connected to VTEP1, and EP1 and EP2, which belong to VLAN1, are connected to VTEP1, so VLAN1 and VLAN3 are local VLANs of VTEP1 and VTEP1 also belongs to the VTEP set. The VTEP set finally determined therefore comprises VTEP1 and VTEP2.
The SDN controller then sends the gratuitous ARP packet to VTEP1 and VTEP2 in the VTEP set, so that VTEP1 and VTEP2 each flood the gratuitous ARP packet in their own local VLANs that belong to the flooding VLAN set, excluding the source port of the gratuitous ARP packet. Specifically, VTEP1 floods the gratuitous ARP packet in local VLAN1, so that it reaches EP2, and also floods it in local VLAN3, so that it reaches EP5. VTEP2 floods the gratuitous ARP packet in local VLAN1, so that it reaches EP6.
When the conflicting device is EP2, after EP2 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP1. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 can report address conflict information in its own system.
When the conflicting device is EP6, after EP6 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP2. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 can report address conflict information in its own system.
(2) Suppose that the flooding VLAN set (GROUP1) determined for the gratuitous ARP packet sent by EP1 comprises VLAN1 and VLAN2:
When an IP address is configured on EP1, EP1 sends a gratuitous ARP packet to VTEP1; this gratuitous ARP packet carries EP1's own MAC address and IP address. Based on flow entry 1, VTEP1 sends the gratuitous ARP packet to the SDN controller.
The flooding VLAN set determined by the SDN controller comprises VLAN1 and VLAN2. The SDN controller then determines the VTEP set corresponding to this flooding VLAN set, that is, the VTEP devices whose local VLANs include VLAN1 or VLAN2. EP1 and EP2, which belong to VLAN1, are connected to VTEP1, so VLAN1 is a local VLAN of VTEP1 and VTEP1 belongs to the VTEP set. EP6, which belongs to VLAN1, is connected to VTEP2, and EP3 and EP4, which belong to VLAN2, are connected to VTEP2, so VLAN1 and VLAN2 are local VLANs of VTEP2 and VTEP2 also belongs to the VTEP set. The VTEP set finally determined therefore comprises VTEP1 and VTEP2.
The SDN controller then sends the gratuitous ARP packet to VTEP1 and VTEP2 in the VTEP set, so that VTEP1 and VTEP2 each flood the gratuitous ARP packet in their own local VLANs that belong to the flooding VLAN set, excluding the source port of the gratuitous ARP packet. Specifically, VTEP1 floods the gratuitous ARP packet in local VLAN1, so that it reaches EP2. VTEP2 floods the gratuitous ARP packet in local VLAN2, so that it reaches EP3 and EP4, and also floods it in local VLAN1, so that it reaches EP6.
When the conflicting device is EP2, after EP2 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP1. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 can report address conflict information in its own system.
When the conflicting device is EP6, after EP6 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP2. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 can report address conflict information in its own system.
(3) Suppose that the flooding VLAN set (GROUP1) determined for the gratuitous ARP packet sent by EP1 comprises VLAN1, VLAN2 and VLAN3:
When an IP address is configured on EP1, EP1 sends a gratuitous ARP packet to VTEP1; this gratuitous ARP packet carries EP1's own MAC address and IP address. Based on flow entry 1, VTEP1 sends the gratuitous ARP packet to the SDN controller.
The flooding VLAN set determined by the SDN controller comprises VLAN1, VLAN2 and VLAN3. The SDN controller then determines the VTEP set corresponding to this flooding VLAN set, that is, the VTEP devices whose local VLANs include VLAN1, VLAN2 or VLAN3. EP1 and EP2, which belong to VLAN1, are connected to VTEP1, and EP5, which belongs to VLAN3, is connected to VTEP1, so VLAN1 and VLAN3 are local VLANs of VTEP1 and VTEP1 belongs to the VTEP set. EP6, which belongs to VLAN1, is connected to VTEP2, and EP3 and EP4, which belong to VLAN2, are connected to VTEP2, so VLAN1 and VLAN2 are local VLANs of VTEP2 and VTEP2 also belongs to the VTEP set. The VTEP set finally determined therefore comprises VTEP1 and VTEP2.
The SDN controller then sends the gratuitous ARP packet to VTEP1 and VTEP2 in the VTEP set, so that VTEP1 and VTEP2 each flood the gratuitous ARP packet in their own local VLANs that belong to the flooding VLAN set, excluding the source port of the gratuitous ARP packet. Specifically, VTEP1 floods the gratuitous ARP packet in local VLAN1, so that it reaches EP2; VTEP1 floods the gratuitous ARP packet in local VLAN3, so that it reaches EP5; VTEP2 floods the gratuitous ARP packet in local VLAN2, so that it reaches EP3 and EP4, and also floods it in local VLAN1, so that it reaches EP6.
When the conflicting device is EP2, after EP2 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP1. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 reports address conflict information in its own system.
When the conflicting device is EP6, after EP6 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP2. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 reports address conflict information in its own system.
When the conflicting device is EP5, after EP5 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP1. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 reports address conflict information in its own system.
(4) Suppose that the flooding VLAN set (GROUP1) determined for the gratuitous ARP packet sent by EP1 comprises VLAN1:
When an IP address is configured on EP1, EP1 sends a gratuitous ARP packet to VTEP1; this gratuitous ARP packet carries EP1's own MAC address and IP address. Based on flow entry 1, VTEP1 sends the gratuitous ARP packet to the SDN controller.
The flooding VLAN set determined by the SDN controller comprises VLAN1. The SDN controller then determines the VTEP set corresponding to this flooding VLAN set, that is, the VTEP devices whose local VLANs include VLAN1. EP1 and EP2, which belong to VLAN1, are connected to VTEP1, so VLAN1 is a local VLAN of VTEP1 and VTEP1 belongs to the VTEP set. EP6, which belongs to VLAN1, is connected to VTEP2, so VLAN1 is a local VLAN of VTEP2 and VTEP2 also belongs to the VTEP set. The VTEP set finally determined therefore comprises VTEP1 and VTEP2.
The SDN controller then sends the gratuitous ARP packet to VTEP1 and VTEP2 in the VTEP set, so that VTEP1 and VTEP2 each flood the gratuitous ARP packet in local VLAN1, which belongs to the flooding VLAN set, excluding the source port of the gratuitous ARP packet. Specifically, VTEP1 floods the gratuitous ARP packet in local VLAN1, so that it reaches EP2; VTEP2 floods the gratuitous ARP packet in local VLAN1, so that it reaches EP6.
When the conflicting device is EP2, after EP2 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP1. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 reports address conflict information in its own system.
When the conflicting device is EP6, after EP6 receives the gratuitous ARP packet it returns an ARP reply message to the SDN controller through VTEP2. The SDN controller receives the ARP reply message and then sends it to EP1 through VTEP1, so that EP1 reports address conflict information in its own system.
In one embodiment, when the SDN controller receives a gratuitous ARP packet and finds no corresponding flooding VLAN set, the VLAN of the source EP of the gratuitous ARP packet is designated as the default VLAN set, and the gratuitous ARP packet is flooded in this default VLAN set to perform IP address conflict detection.
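The four cases above and the default-set fallback, worked through in Python as an added example that is not part of the patent: it models the Fig. 5 topology and Table 1, computes which switch floods which local VLAN for a given source EP, and decides whether an ARP reply or a no-conflict notification goes back. The class and function names are hypothetical, and the IP addresses and the membership of GROUP2 to GROUP4 are constructed assumptions.

```python
# Fig. 5 topology: endpoint -> (switch it attaches to, local VLAN ID).
ENDPOINTS = {
    "EP1": ("VTEP1", 1), "EP2": ("VTEP1", 1), "EP5": ("VTEP1", 3),
    "EP3": ("VTEP2", 2), "EP4": ("VTEP2", 2), "EP6": ("VTEP2", 1),
}
# Table 1: (DPID, VLAN ID) -> flooding VLAN set identifier.
MAPPING = {
    ("VTEP1", 1): "GROUP1", ("VTEP1", 3): "GROUP2",
    ("VTEP2", 1): "GROUP3", ("VTEP2", 2): "GROUP4",
}
# Constructed addresses: EP5 and EP6 both duplicate EP1's address.
ADDRESSES = {"EP1": "10.0.0.1", "EP2": "10.0.0.2", "EP3": "10.0.0.3",
             "EP4": "10.0.0.4", "EP5": "10.0.0.1", "EP6": "10.0.0.1"}


class Controller:
    def __init__(self, groups, endpoints=ENDPOINTS, mapping=MAPPING,
                 addresses=ADDRESSES):
        # A flooding VLAN set must contain the VLAN of its own table entry.
        for (dpid, vlan), group in mapping.items():
            if vlan not in groups.get(group, ()):
                raise ValueError(f"{group} must contain VLAN{vlan} of {dpid}")
        self.groups, self.endpoints = groups, endpoints
        self.mapping, self.addresses = mapping, addresses

    def flooding_vlans(self, dpid, vlan):
        """Look up (DPID, VLAN ID); fall back to the source VLAN alone."""
        group = self.mapping.get((dpid, vlan))
        if group is None:
            return frozenset({vlan})           # default VLAN set
        return frozenset(self.groups[group])

    def flood_plan(self, source):
        """switch -> local VLAN -> endpoints reached, source port excluded.
        Switches with no recipient in the set are left out of the plan."""
        dpid, vlan = self.endpoints[source]
        vlans = self.flooding_vlans(dpid, vlan)
        plan = {}
        for ep, (switch, local_vlan) in sorted(self.endpoints.items()):
            if local_vlan in vlans and ep != source:
                plan.setdefault(switch, {}).setdefault(local_vlan, []).append(ep)
        return plan

    def detect(self, source):
        """What the controller hands back to the source EP's switch."""
        repliers = sorted(
            ep for per_vlan in self.flood_plan(source).values()
            for eps in per_vlan.values() for ep in eps
            if self.addresses[ep] == self.addresses[source])
        message = "arp-reply" if repliers else "no-conflict"
        return {"deliver_via": self.endpoints[source][0],
                "message": message, "from": repliers}


def groups_for(group1_vlans):
    """GROUP1 as edited by the operator; GROUP2 to GROUP4 hold only their
    own table VLAN (assumption made for this example)."""
    return {"GROUP1": set(group1_vlans), "GROUP2": {3},
            "GROUP3": {1}, "GROUP4": {2}}


if __name__ == "__main__":
    for case, vlans in enumerate(({1, 3}, {1, 2}, {1, 2, 3}, {1}), start=1):
        ctl = Controller(groups_for(vlans))
        print(case, ctl.flood_plan("EP1"), ctl.detect("EP1"))
```

Because Table 1 keys the set on the sender's (DPID, VLAN) pair, coverage is directional: with GROUP2 holding only VLAN3, EP5's own gratuitous ARP never reaches EP1 even though EP1's reaches EP5 in case (1).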
More than describe the example procedure that the present invention realizes IP address conflict detection in detail.It will be appreciated by those of skill in the art that this exemplary description is only signal, and be not used in the protection range of embodiment of the present invention is limited.
Based on above-mentioned labor, embodiment of the present invention also proposed the device realizing IP address conflict and detect.
Fig. 6 is a structural diagram of a device that implements IP address conflict detection on the SDN controller side according to an embodiment of the present invention; the device is applied to an SDN controller.
As shown in Fig. 6, the device 600 comprises:
A first flow entry issuing module 601, configured to issue a first flow entry to the first SDN switch, the first flow entry being used to send a gratuitous ARP packet received from the first EP connected to the first SDN switch to the SDN controller;
A flooding module 602, configured to determine the flooding VLAN set corresponding to the virtual local area network (VLAN) to which the first EP belongs and to the first SDN switch, and to flood the gratuitous ARP packet in the flooding VLAN set.
In one embodiment, the device 600 further comprises:
A reply packet receiving module 603, configured to receive from the second EP the ARP reply packet corresponding to the gratuitous ARP packet and to send the ARP reply packet to the first SDN switch, which sends the ARP reply packet to the first EP.
In one embodiment, the device 600 further comprises:
A notification module 604, configured to send a no-address-conflict notification message to the first SDN switch when no ARP reply packet corresponding to the gratuitous ARP packet is received within a predetermined time, the first SDN switch sending the no-address-conflict notification message to the first EP.
In one embodiment:
The flooding module 602 is configured to determine the SDN switches that have a local VLAN belonging to the flooding VLAN set and to form an SDN switch set from the determined SDN switches; and to send the gratuitous ARP packet to each SDN switch in the SDN switch set, so that each SDN switch floods the gratuitous ARP packet in its own local VLAN belonging to the flooding VLAN set.
In one embodiment:
The flooding module 602 is configured to obtain from the gratuitous ARP packet the VLAN ID of the VLAN to which the first EP belongs; and, based on the DPID of the first SDN switch and that VLAN ID, to query a preset mapping table to determine the flooding VLAN set.
Fig. 7 is a structural diagram of a device that implements IP address conflict detection on the side that sends the gratuitous ARP packet according to an embodiment of the present invention; the device is applied to the first SDN switch.
As shown in Fig. 7, the device 700 comprises:
A first flow entry receiving module 701, configured to receive a first flow entry from the SDN controller, the first flow entry being used to send an ARP packet received from the first EP connected to the first SDN switch to the SDN controller, so that the SDN controller floods the gratuitous ARP packet in the flooding VLAN set;
An ARP reply packet receiving module 702, configured to receive from the SDN controller the ARP reply packet corresponding to the gratuitous ARP packet, wherein the ARP reply packet is received by the SDN controller from the second EP;
An ARP reply packet sending module 703, configured to send the ARP reply packet to the first EP.
Fig. 8 is a structural diagram of a device that implements IP address conflict detection on the side that sends the ARP reply packet according to an embodiment of the present invention; the device is applied to the second SDN switch.
As shown in Fig. 8, the device 800 comprises:
A first flow entry receiving module 801, configured to receive a first flow entry from the SDN controller, the first flow entry being used to send the ARP reply packet sent by the second EP connected to the second SDN switch to the SDN controller;
An ARP packet receiving module 802, configured to receive the gratuitous ARP packet from the SDN controller, wherein the gratuitous ARP packet is sent by the first EP connected to the first SDN switch and is sent to the SDN controller by the first SDN switch;
A reply packet receiving module 803, configured to receive from the second EP the ARP reply packet corresponding to the gratuitous ARP packet and, according to the first flow entry, to send the ARP reply packet to the SDN controller, so that the SDN controller sends the ARP reply packet to the first SDN switch and the first SDN switch sends the ARP reply packet to the first EP.
In summary, in embodiments of the present invention the SDN controller implements IP address conflict detection among multiple EPs within a predetermined address conflict detection space. Whether the EPs belong to different VLANs of a local switch or to different local switches, the present invention can perform IP address conflict detection. The IP address conflict detection approach of the present invention therefore has a wider scope of application.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. An IP address conflict detection method in a software defined network (SDN), characterized in that the method is applied to an SDN controller and comprises:
Issuing a first flow entry to a first SDN switch, the first flow entry being used to send a gratuitous ARP packet received from a first endpoint device (EP) connected to the first SDN switch to the SDN controller;
Determining the flooding VLAN set corresponding to the virtual local area network (VLAN) to which the first EP belongs and to the first SDN switch, and flooding the gratuitous ARP packet in the flooding VLAN set.
2. The method according to claim 1, characterized in that determining the flooding VLAN set corresponding to the VLAN to which the first EP belongs and to the first SDN switch comprises:
Obtaining from the gratuitous ARP packet the VLAN ID of the VLAN to which the first EP belongs;
Based on the data path identifier (DPID) of the first SDN switch and the VLAN ID, querying a preset mapping table to determine the flooding VLAN set.
3. The method according to claim 2, characterized in that presetting the mapping table comprises:
Establishing a flooding VLAN set for each local VLAN of the first SDN switch, the flooding VLAN set including that local VLAN;
For each local VLAN of the first SDN switch, saving the correspondence between the DPID of the first SDN switch together with the VLAN ID of the local VLAN and the flooding VLAN set of the local VLAN, to form the mapping table.
4. The method according to claim 1, characterized by further comprising:
Receiving from a second EP the ARP reply packet corresponding to the gratuitous ARP packet, and sending the ARP reply packet to the first SDN switch, which sends the ARP reply packet to the first EP.
5. The method according to claim 1, characterized by further comprising:
When no ARP reply packet corresponding to the gratuitous ARP packet is received within a predetermined time, sending a no-address-conflict notification message to the first SDN switch, which sends the no-address-conflict notification message to the first EP.
6. The method according to claim 1, characterized in that flooding the gratuitous ARP packet in the flooding VLAN set comprises:
Determining the SDN switches that have a local VLAN belonging to the flooding VLAN set, and forming an SDN switch set from the determined SDN switches;
Sending the gratuitous ARP packet to each SDN switch in the SDN switch set, so that each SDN switch floods the gratuitous ARP packet in its own local VLAN belonging to the flooding VLAN set.
7. An IP address conflict detection device in a software defined network (SDN), characterized in that the device is applied to an SDN controller and comprises:
A first flow entry issuing module, configured to issue a first flow entry to a first SDN switch, the first flow entry being used to send a gratuitous ARP packet received from a first endpoint device (EP) connected to the first SDN switch to the SDN controller;
A flooding module, configured to determine the flooding VLAN set corresponding to the virtual local area network (VLAN) to which the first EP belongs and to the first SDN switch, and to flood the gratuitous ARP packet in the flooding VLAN set.
8. The device according to claim 7, characterized by further comprising:
A reply packet receiving module, configured to receive from a second EP the ARP reply packet corresponding to the gratuitous ARP packet and to send the ARP reply packet to the first SDN switch, which sends the ARP reply packet to the first EP.
9. The device according to claim 7, characterized by further comprising:
A notification module, configured to send a no-address-conflict notification message to the first SDN switch when no ARP reply packet corresponding to the gratuitous ARP packet is received within a predetermined time, the first SDN switch sending the no-address-conflict notification message to the first EP.
10. The device according to claim 7, characterized in that:
The flooding module is configured to obtain from the gratuitous ARP packet the VLAN ID of the VLAN to which the first EP belongs and, based on the data path identifier (DPID) of the first SDN switch and the VLAN ID, to query a preset mapping table to determine the flooding VLAN set; and/or
To determine the SDN switches that have a local VLAN belonging to the flooding VLAN set and form an SDN switch set from the determined SDN switches, and to send the gratuitous ARP packet to each SDN switch in the SDN switch set, so that each SDN switch floods the gratuitous ARP packet in its own local VLAN belonging to the flooding VLAN set.
CN201510079981.8A 2015-02-15 2015-02-15 IP address conflict detection method and device in a kind of software defined network Active CN104601414B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510079981.8A CN104601414B (en) 2015-02-15 2015-02-15 IP address conflict detection method and device in a kind of software defined network

Publications (2)

Publication Number Publication Date
CN104601414A true CN104601414A (en) 2015-05-06
CN104601414B CN104601414B (en) 2018-12-11

Family

ID=53126938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510079981.8A Active CN104601414B (en) 2015-02-15 2015-02-15 IP address conflict detection method and device in a kind of software defined network

Country Status (1)

Country Link
CN (1) CN104601414B (en)

Also Published As

Publication number Publication date
CN104601414B (en) 2018-12-11


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant